Historically, forensic laboratories would more often than not use an air-gapped network to protect data and the integrity of their investigations. Although some of our customers are moving away from this model (in many cases to better leverage services such as Azure and AWS), a large proportion still rely on the ‘air-gap’ as their primary security defence.
Researchers from cyber-security firm ESET recently discovered a never-before-seen malware framework named ‘Ramsay’ that is designed specifically to target data stored within air-gapped networks.
In the world we are currently living and working in, there can’t be many organisations that could, hand on heart, swear that they could get physical access to all of their endpoints at short notice. There has for some time been a gradual shift to remote working, but for obvious reasons this has now been accelerated beyond anyone’s expectations.
For investigation and cyber incident response departments this presents a challenge...